Bug Hunting and Analysis 0x65

Bug Hunting and Analysis 0x65

This 3 day course is structured to impart upon the students the skills necessary to effectively utilize debuggers, disassemblers, and other tools to discover vulnerabilities in binary code. The curriculum will begin by introducing students to the tools and generic techniques that will enable them to actively participate in reversing applications during the rest of the course.

After gaining a basic understanding of the tools involved, the instructors will spend day 2 walking students through case studies from patched vulnerabilities. That is, we will be choosing specific vulnerabilities and walking the students through the methodology used to verify them (debugging) and how the discoverer likely found them (fuzzing, static reverse engineering, dynamic instrumentation, etc). As each flaw is dissected, we will focus on how the student's arsenal of techniques can be extended to more easily debug applications and eventually discover similar bugs going forward.

On day 3 we will begin focusing on automating our tools to build a checklist that we can use to more efficiently reverse engineer a binary code base. We will walk through a complete audit of a default installation (latest version) of a popular enterprise server application culminating in the discovery of a remote pre-authentication 0day vulnerability. Students will be required to sign a minimal NDA in order to participate in this portion of the training.

Class Requirements

Prerequisite Knowledge:
Prospective students should have basic x86 assembly fluency. Previous debugging experience is also required; Our debugger of choice for this class will be WinDBG. Some familiarity with python is a plus but not required. Our target platform will be Windows 2003, the student should be comfortable operating in this environment. There are no host OS requirements besides supporting the prerequisite software identified below. Student should have all prerequisite software installed/licensed as necessary/configured in their host operating environment prior to Day 1.